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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER. FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1, 136(a). In no event, tiowever, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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Status 

1)^ Responsive to communication(s) filed on 12 April 2006 . 
2a)S This action is FINAL. 2b)n This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 21 3. 

Disposition of Claims 

4) ^ Claim(s) 107-147 and 165-181 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Clalm(s) 107-147 and 165-181 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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DETAILED ACTION 

Response to Arguments 

1, In response to communications filed on 4/12/2006, Applicant amends claims 109, 133, 
and 167. The following claims 107-147 and 165-181 are presented for examination. 

1.1 In response to communications filed on 4/12/2006, the objection to claims 109, 133, and 
167 have been withdrawn with respect to the amendment. 

2. Applicant's arguments, pages 13-24, filed on 4/12/2006 have been fully considered but 
they are not persuasive. Regarding the 112^ rejection, Applicant fails to provide accurate 
support of the claimed invention. For instance, applicant relies on the following citation 
"creating a socket for use by an inbound connection (400). . . Upon receiving an inbound 
connection, a list of currently open sockets maintained by relay program is searched in an effort 
to locate an open socket having a matching password. It will be noted that the process illustrated 
in figure 4 is one that uses passwords for each connection in order to provide enhanced security". 
The above citation does not equate the claimed invention reciting, "providing a plurality of 
sockets wherein each socket has an associated connection and an associated security token, and 
the associated security token is provided by the associated connection." Examiner respectfully 
asserts that the specification does not contain a written description of the invention, and of the 
manner and process of making and using it in a full, clear, concise, and exact terms as to enable 
any person skilled in the art to which it pertains to carry the invention for the following reasons. 
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There is no security token that is provided by each socket of the pluraUty of sockets as claimed. 
Applicant states, the application further describes the password as being provided (application 
p. 12:12). It is noted that this passage merely states "if the password provided"; applicant 
clarifies that it is the password provided by the attempted connection; therefore, it cannot be the 
password of the currently open sockets as recited in the claim. The specification does not 
describe any specific association as claimed between each socket, each connection, and 
password. The word association is not even mentioned. The claim limitation reciting, creating a 
socket associated with the first connection wherein the first connection has associated the first 
security token is not explicitly described by the specification as shown above, the socket created 
in step 400 was never mentioned afterwards. AppUcant states that the above citation also 
estabUshes comparing a first security token with the associated security tokens. It is noted that 
the passage provided by applicant page 12, lines 1-7 does not describe any comparison between a 
first password (security token) provided by a first connection with security tokens associated 
with open sockets. Page 12, Unes 7-20 describes use of network addresses or string to determine 
if the connection is made by an authorized element. The passage "if a password matches a 
currently open socket. . does not expUcitly describe comparing passwords with passwords of 
current open sockets. The claimed limitation "including the socket in the plurality of sockets" 
does not equate "the attempted connection is put on the list of currently open sockets from the 
specification", and contrarily to appUcant's assertion, there is nowhere in the specification it is 
disclosed that an attempted connection is associated with its own socket. Applicant states "the 
socket associated with the in-bound connection is disclosed to be included in the plurality of 
open sockets". Examiner respectfully disagrees because there is no reference made in the 
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specification as to the attempted connection is associated with the socket created in step 400. 
Therefore, applicant has not overcome the rejection under 112. 

Claims 125, 145, 165, and 179 do not have support in the specification for at least the 
reasons mentioned above- 
Applicant argues that Bhagwat does not disclose "comparing the first security token with 
the associated security tokens". Examiner respectfully disagrees. There are two independent 
connections and each normal TCP connection terminates at a TCP socket which is named by an 
address and port number (that meets the recitation of security token). Bhagwat also discloses 
using SOCKS protocol version 4 or 5 for exchanging authentication information (column 7, lines 
20-36) that also meets the recitation of using socket with an associated connection and an 
associated security token and comparing security token with associated security tokens. See also 
embodiment column 7, line 45 through column 8, line 8 for comparing security token to match 
outgoing connection or to glue connections. In view of the above, applicant has not overcome 
the 102 rejection and therefore, the dependent claims that depend on the independent claims 
rejected under 102 are proper. Upon further consideration, claims 107-147 and 165-181 are still 
rejected in view of the prior art. 



Claim Rejections - 35 USC § 112 

3. The following is a quotation of the first paragraph of 35 U.S. C. 112: 

The specification shall contain a written description of the invention, and of the manner 
and process of making and using it, in such full, clear, concise, and exact terms as to 
enable any person skilled ui the art to which it pertains, or with which it is most nearly 
connected, to make and use the same and shall set forth the best mode contemplated by 
the inventor of carrying out his invention. 
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3.1 Claims 107, 131, 148 and 125, 145, and 165, 179 and the intervening claims are rejected 
under 35 U.S.C. 1 12, first paragraph, as failing to comply with the written description 
requirement. The claims contain subject matter, which were not described in the specification in 
such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), at the 
time the appUcation was filed, had possession of the claimed invention. Applicant's disclosure 
fails to recite the amended claims as claimed. Applicant's disclosure portion that refers to socket 
can only be found on page 11, line 19 through page 12, line 25, "the socket is being employed in 
describing the relay program 210" in the exemplary process of figure 4, "It will be apparent to 
one skill in the art that the network connections referred to herein will be cast in terms of other 
programmatic constructs". At the time the invention was made. Applicant was not concerned of 
having the invention implemented in a networking concept of socket as disclosed in the claims. 
The plurality of sockets claimed by applicant in the last action, as interpreted by Examiner, 
represented the socket of the first connection and the matching socket. Given the claims now as 
amended, it appears that Applicant is referring to the Ust of currently open sockets (to be 
searched for match), because Applicant now claims that the socket (interpreted as the attempted 
connection) is included in the pluraUty of sockets in response to no match. Therefore, the 
specification does not describe, "providing a plurality of sockets, wherein each socket has an 
associated connection and an associated security token and the associated token is provided by 
the associated connection". The disclosure does not even explicitly states, "the socket" is 
included in the plurality of sockets. In addition, the disclosure does not describe, "creating a 
socket associated with the first connection wherein the first connection has associated the first 
security token," The disclosure merely states "create a socket for use by an inbound connection" 
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this socket was never mentioned afterwards, and merely states "a password is provided". The 
association that Applicant is claiming with the created socket having an associated connection 
and associated token is not expUcitly disclosed. Note that at the time the invention was made by 
Applicant, the disclosure of this embodiment with respect to figure 4 was primarily concerned 
with matching the passwords and determining if the connection should be put on a listen state. 
Not even the amended dependent claims 125 and 145 reciting, in response to the comparing if 
there is no match, including the second connection with said one or more corresponding 
connections, was not described in the specification as explained above as to reasonably convey 
to one skilled in the relevant art that the inventor(s), at the time the application was filed, had 
possession of the claimed invention. 

Claim Rejections - 35 USC § 102 
4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
international application by another who has fulfilled the requirements of paragraphs (1), (2), and 
(4) of section 371(c) of this title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
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do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

4. 1 Claims 107-127 and 131-148 are rejected under 35 U.S.C. 102(e) as being anticipated by 
US Patent 5,941,988 to Bhagwat et al.. 

4.2 As per claims 107-108, 131-132, and 148, Bhagwat et ah discloses a method 
comprising providing one socket for each end connection wherein each socket has associated 
address, port number, sequence space and sequence number and checksum (see column 3, line 
45 through column 4, line 17 see abstract) that meets the recitation of associated security token; 
so the disclosure above meets the recitation of providing a plurality of sockets, wherein each 
socket has an associated connection and an associated security token; Bhagwat et al discloses "a 
TCP connection is uniquely identified by the names of the two sockets at its endpoints." There 
are two independent connections and each normal TCP connection terminates at a TCP socket 
which is named by an address and port number (that meets the recitation of security token) and 
the associated security token is provided by the associated connection (see column 3, line 45 
through column 4, line 17 and column 5, lines 5-56), In addition, Bhagwat also discloses using 
SOCKS protocol version 4 or 5 for exchanging authentication information (column 7, lines 20- 
26). It is inherent that the SOCKS protocol version 5 estabUshes connection by using strong 
authentication including username/password authentication. Copies of Socks Protocol Version 5 
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are provided to Applicant as extrinsic evidence. Bhagwat et al also discloses a proxy receives 
connection from the client and exchanges authentication information, for example (see column 7, 
lines 10-25) also the client sends the associated security token as discussed above to establish 
connection (see column 3, line 45 through column 4, Une 17 column 6, lines 35-43; column 7, 
lines 45-67) that meets the recitation of receiving a first connection and a first security token; 
Bhagwat et ai also discloses creating a socket associated with the first connection (column 7, 
lines 13-26) and an authentication test that meets the recitation of comparing the first security 
token with the associated security tokens (column 7, lines 13-26; column 5, lines 1-20 see also 
column 8, lines 1-8). It is inherent that the SOCKS protocol version 5 estabUshes connection by 
using strong authentication including username/password authentication to determine validity of 
the connection request by comparing. Bhagwat et al also discloses checking the authentication 
test (column 7, lines 12-25) and discloses a mapping process that includes comparing the 
security token of the client to associated security tokens also discloses matching port numbers or 
addresses that meets the recitation of comparing the first security token with the associated 
security tokens, for example (column 6, lines 35-43; and column 7, Une 55 through column 8, 
line 24; see also column 4, lines 22-37); Bhagwat et a! further discloses in one embodiment that 
if authentication fails the socket returns to Usten state as an open connection that meets the 
recitation of including the socket in the plurality of sockets (column 7, lines 13-56); 

As per claims 109, 111, 133, 135, Bhagwat et al. discloses the limitation of further 
comprising: in response to said comparing, if the first security token and a security token 
associated with one of the pluraUty of sockets match, coupling an end point of the first 
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connection to an end point of the connection associated with the socket, for example (see column 
5, Unes 5-20). 

As per claims 110, 134, Bhagwat et aL discloses the Umitation of further comprising: in 
response to said comparing, if none of the associated security tokens match the first security 
token, upon a determination that the first connection is not to be associated with a socket, 
disconnecting the first connection, for example (see column 12, lines 25-37). 

As per claims 112, 136, Bhagwat et al. discloses the Umitation of wherein the coupling 
the first connection to the connection associated with the socket comprises: creating a single 
connection comprising the first connection and the connection associated with the socket, for 
example (see column 5, lines 5-20 and column 7, Unes 26-56). 

As per claims 113-114, 137-138, Bhagwat et ah discloses the limitation of further 
comprising: decoupling the first connection and the connection associated with the socket, 
wherein the decoupling occurs upon one of failure and disconnect of one of the first connection 
and the connection associated with the socket, for example (see column 12, Unes 25-37 and 
column 9, Une 55 et seq.). 

As per claims 115, 139, Bhagwat et al. discloses the Umitation of wherein the first 
connection is transmitted through a first firewall program, for example (see column 1, Imes 45- 
67 and column 5, lines 5-20). 
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As per claim 116, Bhagwat et al. discloses a proxy that can create a connection that 
meets the recitation of the limitation of wherein the first connection is created by a protocol 
daemon, for example (see column 7, lines 26-45). 

As per claim 117, Bhagwat et al. discloses wherein a second connection connects the 
protocol daemon to a first program, and the protocol daemon couples the first connection to the 
second connection, for example (see column 7, lines 26-56). 

As per claim 118, Bhagwat et al. discloses wherein the protocol daemon relays a data 
stream between the first connection and the second connection, for example (see column 7, Unes 
26-56). 

As per claim 119, Bhagwat et al. discloses wherein the first program provides the first 
security token, for example (see column 3, line 63 through column 4, line 8). 

As per claims 120 and 140, Bhagwat et al. discloses a method comprising: creating a 
first connection to a proxy that meets the recitation of first program (column 5, lines 5-10); 
receiving data 1 that meets the recitation of a first security token fi*om the first program (column 
5, lines 18-20); creating a second connection to a telnet server that meets the recitation of relay 
program (column 5, line 15); providing the first security token to the relay program, for example 
(see column 5, lines 18-20); and upon successful creation of the second connection, coupling the 
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first connection to the second connection, for example(column 5, lines 18-30). See also (see 
column 3, line 63 through column 4, line 8; and column 7, lines 26-45). 

As per claims 121 and 141, Bhagwat et al. discloses the limitation of wherein the 
second connection is transmitted through a firewall program, for example (see column 3, line 63 
through column 4, line 8; column 5, lines 5-40; and column 7, lines 26-45). 

As per claims 122 and 142, Bhagwat et al. discloses the Umitation of further 
comprising: relaying a data stream between the first connection and the second connection, for 
example (see column 3, line 63 through column 4, line 8; column 5, lines 5-40 and column 7, 
lines 26-45). 

As per claims 123 and 143, Bhagwat et al. discloses the hmitation of wherein the first 
security token is one of a password, a network address, and a verification string, for example (see 
column 3, line 63 through column 4, line 8; column 5, lines 5-40; and column 7, lines 26-45). 

As per claims 124 and 144, Bhagwat et al. discloses the limitation of further 
comprising: terminating the first connection and the second connection, for example (see column 
12, lines 25-37 and column 9, lines 55 et seq.). 

As per claims 125 and 145, Bhagwat et al. discloses the limitation of wherein the relay 
program compares the first security token with one or more security tokens associated with one 
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or more corresponding connections, for example (column 7, lines 10-55 and column 8, lines 40 
et seq. and column 4, lines 22-37 and column 12, line 33-55); in response to said comparing, if 
the first security token and a security token associated with a corresponding connection match, 
couphng the second connection to the connection associated with the matching security token, 
for example (see column 5, lines 5-20); and in response to said comparing, if none of the 
associated security tokens match the first security token, including the second connection with 
said one or more corresponding connections, for example (column 7, lines 10-55 and column 8, 
lines 40 et seq. and column 4, lines 22-37). 

As per claims 126 and 146, Bhagwat et al. discloses the Hmitation of wherein the 
connection associated with the matching security token is initiated by a second program, for 
example (see column 5, lines 5-20), 

As per claims 127 and 147, Bhagwat et al. discloses the hmitation of wherein the relay 
program relays data between the second connection and the connection associated with the 
matching security token, for example (see column 3, hne 63 through column 4, line 8; column 5, 
lines 5-40 and column 7, lines 26-45). 

Claims 165-173 are similar to the rejected claims 107-1 15 respectively except for 
incorporating the claimed methods into a computer program. Therefore, 107-1 15 are rejected on 
the same rationale as the rejection of claims 165-173. 
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Claims 174-181 contains the same claim limitations as the rejected claims 120-127 
respectively except for incorporating the claimed methods into a computer program. Therefore, 
174-181 are rejected on the same rationale as the rejection of claims 120-127. 

Claim Rejections - 35 USC § 103 
5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

5.1 Claims 128-130 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Patent 5,941,988 to Bhagwat et al. in view of US Patent 6,104,716 to Crichton et ah. 

5.2 Claim 128 contains the same hmitations as claim 120 except for using a protocol daemon 
to create both connections. Bhagwat et al discloses a proxy that meets the recitation of protocol 
daemon and discloses all the hmitations of claim 120 except for initiating the first connection to 
the cUent. Crichton et al. in an analogous art teaches the limitation of claim 120 by using a 
client proxy for communicating with a cUent and with a middle proxy and coupling the 
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connections to provide end-to-end connections through firewalls (column 2, lines 26-52). 
Crichton et al also discloses the cUent and the proxy can reside on the same machine (column 6, 
lines 15-24). Crichton et al also discloses that the functionality of end proxies that meets the 
recitation of protocol daemon can be increased to allow for other protocols and services, for 
example one end proxy could provide both chent and server end proxy functionality (column 5, 
lines 41-45), Crichton discloses one end proxy could provide both client and server end proxy 
functionality (column 5, Unes 41-45). This means if the first program represents an application 
server an in-bound connection is created "a server end-proxy can connect to an inside X- 
Windows system server and a middle proxy" (column 5, lines 32-35). AppUcant discloses the 
same (on page 9, lines 9-15) program 135 (first program) requires an in-bound connection (e.g. 
where program 135 is an apphcation server) ... such functionality is provided by a daemon 
running on computer 105. Therefore, it would have been obvious to one of ordinary skill in the 
art at the time the invention was made to modify the proxy or protocol daemon disclosed in 
Bhagwat et al. to provide a protocol daemon program that does the creating of the first 
connection as well as the second connection thus increasing the functionality of end proxy to 
allow for other protocols and services as suggested by Crichton et al. One skilled in the art 
would have been lead to make such a modification and recognizes the advantage of using an end 
proxy that could provide both cUent and server end proxy functionality as this increase of 
functionality would allow for more protocols and services as suggested by Crichton et al (see 
column 5, lines 41-45). 



Application/Control Number: 09/456,692 Page 15 

Art Unit: 2136 

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1. 136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated fi-om the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

6. 1 Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carl Colin whose telephone number is 571-272-3862. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or PubUc PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
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system, see http ://pair-direct.uspto. gov . Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Carl Colin 
Patent Examiner 



June 21, 2006 




